Flexible and Controllable Access Policy Update for Encrypted Data Sharing in the Cloud

As a promising service paradigm, cloud computing has attracted lots of enterprises and individuals to outsource big data to public cloud. To facilitate secure data using and sharing, ciphertext-policy attribute-based encryption (CP-ABE) is a suitable solution, which can provide fine-grained access control and encryption functionalities simultaneously. However, some serious challenges are still remaining toward achieving flexible and controllable access policy update in CP-ABE, which essentially impede the powerful access control ability of CP-ABE from long-term and large-scale deployment in real systems. In this work, we propose a novel scheme named policy updatable CP-ABE for encrypted data sharing scenes. The proposed scheme features the following achievements: (i) it supports fine-grained update algorithms with no restriction on update time; (ii) the cloud server can effectively verify update ciphertexts, so the integrity of original data would not be compromised intentionally or accidentally during the update and (iii) most operations of encryption and policy update are securely outsourced to cloud servers, leaving extremely low overheads for data owners and users. We formally define its security model and prove it is adaptively secure. Also, we implement the proposed scheme using the Charm framework. The experiment results demonstrate that it is efficient and practical.